CVE-2014-3487
published 2014-07-09
medium 4.3 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | file | < file 1:5.19-1 (bookworm) | file 1:5.19-1 (bookworm) |
| file_project | file | < 5.19 | 5.19 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.19-1 | 1:5.19-1 |
| file_project | file | >= 0 < 1:5.14-2ubuntu3.1 | 1:5.14-2ubuntu3.1 |
| opensuse | opensuse | — | — |
| oracle | linux | — | — |
| php | php | < 5.3.29 | 5.3.29 |
| php | php | >= 5.4.0 < 5.4.30 | 5.4.30 |
| php | php | >= 5.5.0 < 5.5.14 | 5.5.14 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.3 | 5.5.9+dfsg-1ubuntu4.3 |
CVSS provenance
nvd 4.3 MEDIUM AV:N/AC:M/Au:N/C:N/I:N/A:P
osv 6.5 MEDIUM